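/**
 * Method to create the DroppedDocuments folder within the Root Folder.
 *
 * After the folder has been added, its permission object is copied, the
 * WorkSpaceOwner role is created when no role of that name exists, and the
 * folder permissions and role allocation are applied through
 * setUserDocsPermissions() and setUserDocsRoleAllocation().
 *
 * @return string|null Returns an error message or null on success
 */
function createDropDocsFolder() {
    // The failure branches log through $default->log. Without this declaration
    // $default is an undefined local, so the first failure would end in a fatal
    // error instead of returning the error message.
    global $default;

    $root = $this->ktapi->get_root_folder();
    if (PEAR::isError($root)) {
        $default->log->debug('MyDropDocuments: could not get root folder ' . $root->getMessage());
        return _kt('Error - could not get the root folder: ') . $root->getMessage();
    }

    // Create dropdocuments folder
    $dropDocsFolder = $root->add_folder('DroppedDocuments');
    if (PEAR::isError($dropDocsFolder)) {
        $default->log->debug('MyDropDocuments: could not create DroppedDocuments folder ' . $dropDocsFolder->getMessage());
        // Message text (including its spelling) is left untouched: it is passed
        // to _kt() and is presumably used as a translation key.
        return _kt('Error - could not create the DropppedDocuments folder: ') . $dropDocsFolder->getMessage();
    }

    // Get the DropDocuments folder object
    $dropDocsFolderObject = $dropDocsFolder->get_folder();

    // The folder must define its own permissions so create a copy of the root folder.
    // The result is checked before going on: if the copy failed, the permission
    // object id read further down would presumably still be the one the folder
    // was created with, and the permission changes would land on that object.
    $copyResult = KTPermissionUtil::copyPermissionObject($dropDocsFolderObject);
    if (PEAR::isError($copyResult)) {
        $default->log->debug('MyDropDocuments: could not copy permission object for DroppedDocuments folder ' . $copyResult->getMessage());
        return _kt('Error - could not copy the permission object for the DroppedDocuments folder: ') . $copyResult->getMessage();
    }

    // Each user is added to the WorkSpaceOwner role on their personal folder.
    // Check if the role exists and create it if it doesn't.
    if (!$this->roleExistsName('WorkSpaceOwner')) {
        $oWorkSpaceOwnerRole = $this->createRole('WorkSpaceOwner');
        if ($oWorkSpaceOwnerRole == null) {
            return _kt('Error: Failed to create WorkSpaceOwner Role');
        }
    }

    // Get the permission object from the dropdocuments folder object
    $oDropDocsPO = KTPermissionObject::get($dropDocsFolderObject->getPermissionObjectId());
    if (PEAR::isError($oDropDocsPO)) {
        $default->log->debug('MyDropDocuments: could not get permission object for DroppedDocuments folder ' . $oDropDocsPO->getMessage());
        return _kt('Error - could not create the DropppedDocuments folder: ') . $oDropDocsPO->getMessage();
    }

    // Refuse to continue when the role name is ambiguous: permissions are
    // granted by role name, so more than one match cannot be resolved safely.
    if (count($this->getRoleIdByName('WorkSpaceOwner')) > 1) {
        return _kt('Error: cannot set user role permissions: more than one role named \'WorkSpaceOwner\' exists');
    }

    // call the function to set the permission on the dropdocuments folder
    $this->setUserDocsPermissions($oDropDocsPO);

    // Assign the current user to the WorkSpaceOwner role
    $this->setUserDocsRoleAllocation($dropDocsFolderObject);

    return null;
}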
/**
 * Persists the allocations changed through add() and remove().
 *
 * Nothing happens when no change is pending. An inherited allocation is
 * overridden first, so the new associations are stored on a copy of their
 * own. For every permission, the group, user and role ids whose entry in
 * the map is truthy are collected and passed to
 * KTPermissionUtil::setPermissionForId(); the lookup of the permission
 * object is refreshed once all permissions have been written.
 *
 * NOTE(review): the values returned by _logTransaction() and
 * KTPermissionObject::get() are used without an error check - confirm that
 * neither can return an error object here.
 *
 * @author KnowledgeTree Team
 * @access public
 */
public function save() {
    // Nothing to write when no change is pending.
    if (!$this->changed) {
        return;
    }

    // Inherited setup: take a private copy before storing new associations.
    if ($this->getIsInherited()) {
        $this->overrideAllocation();
    }

    $allPermissions = KTPermission::getList();
    $loggedItem = $this->_logTransaction(_kt('Updated permissions'), 'ktcore.transactions.permissions_change');
    $targetPO = KTPermissionObject::get($loggedItem->getPermissionObjectId());

    // Section of $this->map (plural) => key in the structure handed on (singular).
    $sections = array('groups' => 'group', 'users' => 'user', 'roles' => 'role');

    foreach ($allPermissions as $currentPermission) {
        $currentId = $currentPermission->getId();
        $allowed = array('group' => array(), 'role' => array(), 'user' => array());

        foreach ($sections as $mapKey => $allowedKey) {
            foreach ($this->map[$mapKey]['map'] as $memberId => $allocations) {
                if ($allocations[$currentId]) {
                    $allowed[$allowedKey][] = $memberId;
                }
            }
        }

        KTPermissionUtil::setPermissionForId($currentPermission, $targetPO, $allowed);
    }

    KTPermissionUtil::updatePermissionLookupForPO($targetPO);

    // The stored state now matches the working map.
    $this->mapCopy = $this->map;
    $this->changed = false;
}
/**
 * Inherits permission object from parent, throwing away our own
 * permission object.
 *
 * The item's permission object id is replaced by that of its parent folder.
 * For a Document only its own permission lookup is refreshed. For a folder,
 * the folder and document rows selected by the two UPDATE statements below
 * (those that still carry the original permission object id) are switched to
 * the new id, after which the lookup for the new permission object is
 * refreshed.
 *
 * @param object     $oDocumentOrFolder Document or Folder to change (passed by reference)
 * @param array|null $aOptions          'evenifnotowner': when non-empty, the
 *                                      ownership check is skipped
 * @return mixed A PEAR error when the item does not own its permission object
 *               and 'evenifnotowner' is empty; no value otherwise
 */
function inheritPermissionObject(&$oDocumentOrFolder, $aOptions = null) {
    // Table names for the queries below are read from the global configuration.
    global $default;

    $oDocumentOrFolder->cacheGlobal = array();

    // Ownership gate: callers can bypass it with 'evenifnotowner'.
    // NOTE(review): the bypass is decided entirely by the caller-supplied
    // options - confirm no caller fills them from request data.
    $bEvenIfNotOwner = KTUtil::arrayGet($aOptions, 'evenifnotowner');
    if (empty($bEvenIfNotOwner) && !KTPermissionUtil::isPermissionOwner($oDocumentOrFolder)) {
        return PEAR::raiseError(_kt("Document or Folder doesn't own its permission object"));
    }

    $iOrigPOID = $oDocumentOrFolder->getPermissionObjectID();
    $oOrigPO =& KTPermissionObject::get($iOrigPOID);

    // NOTE(review): the results of Folder::get() and KTPermissionObject::get()
    // are used without an error check - confirm the parent always resolves
    // (for example when the item sits directly under the root).
    $oFolder =& Folder::get($oDocumentOrFolder->getParentID());
    $iNewPOID = $oFolder->getPermissionObjectID();
    $oNewPO =& KTPermissionObject::get($iNewPOID);

    // The item itself is switched to the parent's permission object first.
    $oDocumentOrFolder->setPermissionObjectID($iNewPOID);
    $oDocumentOrFolder->update();

    if (is_a($oDocumentOrFolder, 'Document')) {
        // If we're a document, no niggly children to worry about.
        KTPermissionUtil::updatePermissionLookup($oDocumentOrFolder);
        return;
    }

    // if the new and old permission object and lookup ids are the same, then we might as well bail
    if ($iOrigPOID == $iNewPOID) {
        if ($oDocumentOrFolder->getPermissionLookupID() == $oFolder->getPermissionLookupID()) {
            // doing this, as this was done below... (not ideal to copy, but anyways...)
            Document::clearAllCaches();
            Folder::clearAllCaches();
            return;
        }
    }

    $iFolderID = $oDocumentOrFolder->getID();
    // LIKE pattern: the generated id string followed by a wildcard.
    // NOTE(review): if generateFolderIDs() returns the id path without a
    // trailing separator, this prefix also matches rows whose next id merely
    // begins with the same digits; the permission_object_id condition narrows
    // the effect, but the format should be confirmed.
    $sFolderIDs = Folder::generateFolderIDs($iFolderID);
    $sFolderIDs .= '%';

    // Values are bound as parameters; only the table name is interpolated,
    // and it comes from the global configuration.
    // NOTE(review): the results of both DBUtil::runQuery() calls are ignored.
    $sQuery = "UPDATE {$default->folders_table} SET\n permission_object_id = ? WHERE permission_object_id = ? AND\n parent_folder_ids LIKE ?";
    $aParams = array($oNewPO->getID(), $oOrigPO->getID(), $sFolderIDs);
    DBUtil::runQuery(array($sQuery, $aParams));

    Folder::clearAllCaches();

    // Update all documents in the folder and in the sub-folders
    // (the string literal below continues on the next line, exactly as in the original)
    $sQuery = "UPDATE {$default->documents_table} SET\n permission_object_id = ? WHERE permission_object_id = ? AND\n (parent_folder_ids LIKE ? 
OR folder_id = ?)";
    // Same three parameters as above plus the folder id for the extra placeholder.
    $aParams[] = $iFolderID;
    DBUtil::runQuery(array($sQuery, $aParams));

    Document::clearAllCaches();

    KTPermissionUtil::updatePermissionLookupForPO($oNewPO);
}
/**
 * Deletes the dynamic condition named by the request parameter
 * fDynamicConditionId, records a folder transaction for the change and
 * refreshes the permission lookup of the folder's permission object.
 *
 * Outside admin mode the validator is first asked to check the user's
 * permission ($this->_sEditShowPermission) on the folder. What the validator
 * does on failure is not visible here; the 'redirect_to' options suggest a
 * redirect.
 *
 * NOTE(review): the condition id is taken from the request and handed to
 * validateDynamicCondition() with nothing but redirect options. Nothing in
 * this method ties the loaded condition to the permission object of
 * $this->oFolder, so confirm that the validator (or the dispatcher) rejects
 * ids that belong to another folder's permission object.
 */
function do_removeDynamicCondition() {
    $iFolderId = $this->oFolder->getId();
    $sFolderQuery = 'fFolderId=' . $iFolderId;

    // Permission gate, skipped only in admin mode.
    $bAdminMode = KTBrowseUtil::inAdminMode($this->oUser, $this->oFolder);
    if (!$bAdminMode) {
        $aDenied = array('redirect_to' => array('main', $sFolderQuery));
        $this->oValidator->userHasPermissionOnItem($this->oUser, $this->_sEditShowPermission, $this->oFolder, $aDenied);
    }

    // Load the condition through the validator, then delete it.
    $aBackToEdit = array('redirect_to' => array('edit', $sFolderQuery));
    $oDynamicCondition =& $this->oValidator->validateDynamicCondition($_REQUEST['fDynamicConditionId'], $aBackToEdit);
    $deleteResult = $oDynamicCondition->delete();
    $this->oValidator->notError($deleteResult, $aBackToEdit);

    // Record who changed the permissions, and from which address.
    $oTransaction = KTFolderTransaction::createFromArray(array(
        'folderid' => $iFolderId,
        'comment' => _kt('Removed dynamic permissions'),
        'transactionNS' => 'ktcore.transactions.permissions_change',
        'userid' => $_SESSION['userID'],
        'ip' => Session::getClientIP(),
    ));
    $aTransactionFailed = array(
        'defaultmessage' => _kt('Error updating permissions'),
        'redirect_to' => array('edit', sprintf('fFolderId=%d', $iFolderId)),
    );
    $this->oValidator->notErrorFalse($oTransaction, $aTransactionFailed);

    // Recompute the lookup for the folder's permission object.
    $oFolderPO = KTPermissionObject::get($this->oFolder->getPermissionObjectId());
    KTPermissionUtil::updatePermissionLookupForPO($oFolderPO);

    $this->successRedirectTo('edit', _kt('Dynamic permission removed'), $sFolderQuery);
}
<?php
/*
 * Ad-hoc check: dumps what
 * KTPermissionUtil::findRootObjectForPermissionObject() returns for the
 * permission object of the folder with id 2.
 *
 * NOTE(review): no login, permission or command-line-only guard is visible
 * in this script, and it prints its result with var_dump(). If the directory
 * it lives in is served by the web server, the dump is readable by whoever
 * can request the file - confirm it is excluded from deployed installations.
 */
require_once '../../config/dmsDefaults.php';
require_once KT_LIB_DIR . '/foldermanagement/Folder.inc';
require_once KT_LIB_DIR . '/permissions/permissionutil.inc.php';

error_reporting(E_ALL);

// Folder id 2 is hard-coded; the result of Folder::get() is not checked.
$oFolder =& Folder::get(2);
$iPermissionObjectId = $oFolder->getPermissionObjectID();
$oPO = KTPermissionObject::get($iPermissionObjectId);

var_dump(KTPermissionUtil::findRootObjectForPermissionObject($oPO));
<?php
/*
 * Ad-hoc script: passes groups 1, 2, 3 and 4 to
 * KTPermissionUtil::setPermissionForID() as the allowed set for the
 * permission 'ktcore.permissions.read' on permission object 22.
 *
 * NOTE(review): this script changes permissions and shows no login,
 * permission or command-line-only guard. If it can be requested through the
 * web server, any visitor can trigger the change - confirm it is excluded
 * from deployed installations.
 * NOTE(review): no call to KTPermissionUtil::updatePermissionLookupForPO()
 * follows; whether setPermissionForID() refreshes the lookups itself is not
 * visible here.
 */
require_once '../../config/dmsDefaults.php';
require_once KT_LIB_DIR . '/permissions/permissionobject.inc.php';
require_once KT_LIB_DIR . '/permissions/permissionassignment.inc.php';
require_once KT_LIB_DIR . '/permissions/permission.inc.php';
require_once KT_LIB_DIR . '/permissions/permissionutil.inc.php';

error_reporting(E_ALL);

// Both ids are hard-coded; neither lookup result is checked for an error.
$oPermissionObject = KTPermissionObject::get(22);
$oPermission = KTPermission::getByName('ktcore.permissions.read');

// The original carried two commented-out experiments at this point that
// built the assignment directly (KTPermissionAssignment::createFromArray()
// and ::getByPermissionAndObject()); neither was executed.

$aGroupIds = array(1, 2, 3, 4);
$aAllowed = array('group' => $aGroupIds);

KTPermissionUtil::setPermissionForID($oPermission, $oPermissionObject, $aAllowed);
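/**
 * Renders the template "ktcore/document/resolved_permissions_user" for the
 * current document.
 *
 * For every permission that has a lookup assignment, each user returned by
 * User::getList() is tested with KTPermissionUtil::userHasPermissionOnItem();
 * users holding at least one permission are listed. The template also
 * receives the permissions whose dynamic condition matches the document and
 * the permissions controlled by the document's workflow state.
 *
 * NOTE(review): the check runs once per permission per user, so the cost
 * grows with both lists.
 *
 * @return mixed The value returned by the template's render()
 */
function do_resolved_users() {
    $this->oPage->setBreadcrumbDetails(_kt("Permissions"));
    $oTemplate = $this->oValidator->validateTemplate("ktcore/document/resolved_permissions_user");

    $oPL = KTPermissionLookup::get($this->oDocument->getPermissionLookupID());
    $aPermissions = KTPermission::getList();

    $aMapPermissionGroup = array();
    $aMapPermissionRole = array();
    $aMapPermissionUser = array();
    // Initialised up front: it used to be created implicitly inside the loop,
    // which left it undefined (and the foreach below failing with a warning)
    // whenever no user held any of the permissions.
    $aActiveUsers = array();

    $aUsers = User::getList();

    foreach ($aPermissions as $oPermission) {
        // Permissions without a lookup assignment are skipped.
        $oPLA = KTPermissionLookupAssignment::getByPermissionAndLookup($oPermission, $oPL);
        if (PEAR::isError($oPLA)) {
            continue;
        }

        $iPermissionID = $oPermission->getID();
        $aMapPermissionGroup[$iPermissionID] = array();

        foreach ($aUsers as $oUser) {
            if (KTPermissionUtil::userHasPermissionOnItem($oUser, $oPermission, $this->oDocument)) {
                $aMapPermissionUser[$iPermissionID][$oUser->getId()] = true;
                $aActiveUsers[$oUser->getId()] = true;
            }
        }
    }

    // now we constitute the actual sets.
    $users = array();
    $groups = array();
    $roles = array(); // should _always_ be empty, barring a bug in permissions::updatePermissionLookup

    // this should be quite limited - direct role -> user assignment is typically rare.
    foreach ($aActiveUsers as $id => $marker) {
        $oUser = User::get($id);
        $users[$oUser->getName()] = $oUser;
    }
    // NOTE(review): asort() orders by the User objects, not by the name keys;
    // if alphabetical order by name is intended, ksort() may be what was meant.
    asort($users); // ascending, per convention.

    $bEdit = false;
    $sInherited = '';

    $aDynamicControls = array();
    $aWorkflowControls = array();

    // handle conditions
    $iPermissionObjectId = $this->oDocument->getPermissionObjectID();
    if (!empty($iPermissionObjectId)) {
        $oPO = KTPermissionObject::get($iPermissionObjectId);
        $aDynamicConditions = KTPermissionDynamicCondition::getByPermissionObject($oPO);
        if (!PEAR::isError($aDynamicConditions)) {
            foreach ($aDynamicConditions as $oDynamicCondition) {
                $iConditionId = $oDynamicCondition->getConditionId();
                // Only conditions that match this document mark their permissions.
                if (KTSearchUtil::testConditionOnDocument($iConditionId, $this->oDocument)) {
                    $aPermissionIds = $oDynamicCondition->getAssignment();
                    foreach ($aPermissionIds as $iPermissionId) {
                        $aDynamicControls[$iPermissionId] = true;
                    }
                }
            }
        }
    }

    // indicate that workflow controls a given permission
    $oState = KTWorkflowUtil::getWorkflowStateForDocument($this->oDocument);
    if (!(PEAR::isError($oState) || is_null($oState) || $oState == false)) {
        $aWorkflowStatePermissionAssignments = KTWorkflowStatePermissionAssignment::getByState($oState);
        foreach ($aWorkflowStatePermissionAssignments as $oAssignment) {
            // A permission controlled by workflow is no longer reported as
            // controlled by a dynamic condition.
            $aWorkflowControls[$oAssignment->getPermissionId()] = true;
            unset($aDynamicControls[$oAssignment->getPermissionId()]);
        }
    }

    $aTemplateData = array(
        "context" => $this,
        "permissions" => $aPermissions,
        "groups" => $groups,
        "users" => $users,
        "roles" => $roles,
        "oDocument" => $this->oDocument,
        "aMapPermissionGroup" => $aMapPermissionGroup,
        "aMapPermissionRole" => $aMapPermissionRole,
        "aMapPermissionUser" => $aMapPermissionUser,
        "edit" => $bEdit,
        "inherited" => $sInherited,
        'workflow_controls' => $aWorkflowControls,
        'conditions_control' => $aDynamicControls,
    );
    return $oTemplate->render($aTemplateData);
}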
/**
 * Stores an edited saved search (used as a dynamic condition) and refreshes
 * the permission lookup of every permission object that references it.
 *
 * Request parameters read: fSavedSearchId, name and boolean_search.
 *
 * NOTE(review): no permission check is visible in this method, although the
 * saved search feeds permission lookups - confirm the dispatcher restricts
 * who may call this action.
 */
function do_updateSearch() {
    $iSavedSearchId = KTUtil::arrayGet($_REQUEST, 'fSavedSearchId');
    $sNewName = KTUtil::arrayGet($_REQUEST, 'name');

    $oSearch = KTSavedSearch::get($iSavedSearchId);
    if (PEAR::isError($oSearch) || $oSearch == false) {
        $this->errorRedirectToMain('No such dynamic condition');
    }

    // SECURITY NOTE(review): 'boolean_search' comes straight from $_REQUEST
    // and, when it is not already an array, is passed to unserialize().
    // Deserialising request data hands the choice of instantiated classes to
    // whoever sends the request. Prefer a data-only format such as JSON or,
    // on PHP 7 and later, unserialize() with 'allowed_classes' => false, and
    // validate the decoded structure before it reaches setSearch().
    $rawCriteria = KTUtil::arrayGet($_REQUEST, 'boolean_search');
    $aCriteria = is_array($rawCriteria) ? $rawCriteria : unserialize($rawCriteria);
    if (empty($aCriteria)) {
        $this->errorRedirectToMain(_kt('You need to have at least 1 condition.'));
    }

    // The name is only replaced when a non-empty one was submitted.
    if (!empty($sNewName)) {
        $oSearch->setName($sNewName);
    }
    $oSearch->setSearch($aCriteria);

    $updateResult = $oSearch->update();
    $this->oValidator->notError($updateResult, array('redirect_to' => 'main', 'message' => _kt('Search not saved')));

    // Update permission object if exists: the id is bound as a parameter.
    $aPermissionObjects = KTPermissionDynamicCondition::getPermissionObjectIdList('condition_id = ?', array($iSavedSearchId));
    $bNothingToRefresh = PEAR::isError($aPermissionObjects) || empty($aPermissionObjects);
    if (!$bNothingToRefresh) {
        foreach ($aPermissionObjects as $aRow) {
            $oPO = KTPermissionObject::get($aRow['permission_object_id']);
            KTPermissionUtil::updatePermissionLookupForPO($oPO);
        }
    }

    $this->successRedirectToMain(_kt('Dynamic condition saved'));
}